zha*_* yu 2 http http-method node.js
I'm doing Nessus testing on my Express app and here is what I get:
Based on tests of each method:
HTTP methods ACL CHECKOUT COPY DELETE GET HEAD LOCK MERGE MKACTIVITY MKCOL MOVE NOTIFY OPTIONS PATCH POST PROPFIND PROPPATCH PUT REPORT SEARCH SUBSCRIBE TRACE UNLOCK UNSUBSCRIBE are allowed on :
/ /login /styles
I did some searching and actually ended up here: disable HTTP methods, TRACK TRACE etc
The solution:
    const allowedMethods = ['GET', 'HEAD', 'POST'];

    function onrequest(req, res) {
        if (!allowedMethods.includes(req.method)) {
            // res.end() takes a body, not a status code: set the status first
            res.statusCode = 405;
            return res.end('Method Not Allowed');
        }
        // ...
    }
However, I do not understand how to use the solution.
@kiksy commented that: This method would sit in your front controller, e.g. from here: expressjs.com/en/starter/hello-world.html. You would add it to line 3.
But line 3 is "const port = 3000",
which confuses me.
Can someone help me?
FYI, I can't comment because I don't have 50 rep.
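The comment is essentially saying that you can add this to any route, and that it checks the incoming method of each request to see whether it is one of the whitelisted HTTP methods; if it is not, you return a 405 to let the user know that the method they tried to use is not supported.
You can use middleware to cover all requests.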
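    const allowedMethods = ['GET', 'HEAD', 'POST']

    // Register before any routes so every request passes through this check
    app.use((req, res, next) => {
        if (!allowedMethods.includes(req.method)) {
            // res.end() does not take a status code; set it with res.status()
            return res.status(405).end('Method Not Allowed')
        }
        return next()
    })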
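The middleware approach above, as an added example that is not part of the original answer: it also sends an `Allow` header with the 405 and replays a few of the methods from the scan output against a constructed response object, so it runs without Express installed. The names `methodAllowList`, `fakeResponse` and `probe` are hypothetical.

```javascript
// Method allow-list middleware, usable as app.use(methodAllowList([...]))
// in Express or called from a plain http.createServer handler. It uses only
// statusCode / setHeader / end, which exist on both response objects.
function methodAllowList(allowed) {
  const allowedSet = new Set(allowed.map((m) => m.toUpperCase()));
  const allowHeader = [...allowedSet].join(', ');
  return function checkMethod(req, res, next) {
    if (allowedSet.has(req.method)) return next();
    res.statusCode = 405;
    res.setHeader('Allow', allowHeader); // tell the client what is accepted
    res.setHeader('Content-Type', 'text/plain');
    res.end('Method Not Allowed');
  };
}

// Constructed stand-in for a response object, so the check runs offline.
function fakeResponse() {
  return {
    statusCode: 200, headers: {}, body: null,
    setHeader(name, value) { this.headers[name.toLowerCase()] = value; },
    end(body) { this.body = body; },
  };
}

// Send each method through the middleware and record the outcome,
// mirroring the per-method test the scanner output is based on.
function probe(middleware, methods) {
  const result = {};
  for (const method of methods) {
    const res = fakeResponse();
    let passed = false;
    middleware({ method, url: '/login' }, res, () => { passed = true; });
    result[method] = passed ? 'passed to routes' : res.statusCode;
  }
  return result;
}

const guard = methodAllowList(['GET', 'HEAD', 'POST']);
console.log(probe(guard, ['GET', 'POST', 'TRACE', 'PROPFIND', 'DELETE']));
```

If the app serves cross-origin browser clients, add `OPTIONS` to the list, since CORS preflight requests use it.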